It is with great embarrassment that I admit to having (almost?) fallen victim to a scam over the phone. Although my losses were limited at the end of the day, it was quite traumatic to realize that my senses were not as sharp as I had assumed. Wasting nearly two hours on a prime Saturday night was bad enough, but my pride also took a big hit.
The Plot
Over the past couple days, I had missed a few calls from Kaiser Permanente, the health insurer for my family. So when my phone ringed again from the same number, I figured it needed my attention.
Someone with poor English asked for me, and then asked if I spoke Chinese. He wasn’t from my doctor’s office or my kids’ pharmacy. Instead, he explained in Mandarin, that he wanted to inform me of a claim that I filed in February that got denied. Apparently I had applied online for an individual policy back in January, paid the premium, and shortly after filed for a large reimbursement. A red flag popped up and I told him this sounded like a case of an identity thief using my name to commit insurance fraud.
After hearing me out, the agent transferred the call to his supervisor to handle. Continuing to converse in Mandarin, this Manager Liu with ID #4699 ran through the details in when I opened this policy (1/16/2025, policy number CAN002096433), how much my premium was and how I paid for it, when I received the medical service (2/7/2025, for an appendicitis done in Xiangya #2 Hospital in Changsha, Hunan, China by a doctor named Yeh Lin Zhu), when I filed the claim (2/11/2025, for $2,968 USD), and how much it was covered (60%). I explained, confirmed, and re-confirmed that I was not aware of and did not authorize any of it.
Mr. Liu informed me of procedures to report the case of identity theft, such as filing a report with the FTC and with local police. Pretty standard stuff and frankly I had heard the same laundry list a few times recently; I also had experience with opening a case on IdentityTheft.gov and talking to police, and could say with confidence that neither was of any material help. When he also urged me to file a report with Changsha police and add that report to my FTC case, I chuckled at the idea that I would make an international call just to report an almost baseless incident. But he explained to me that FTC had a program that, subject to approval, could transfer my call to a foreign law enforcement free of charge. With my consent, he placed my call on hold.
It did cross my mind how odd and unbelievable this “FTC program” was, but before I could really think about it, a man with a definitive mainland accent answered the call by saying “Changsha Police Department”. Hmm. Really? I wasn’t prepared so struggled to explain how I was from the USA calling to report a potential identity theft in his jurisdiction. The officer seemed puzzled by what I was saying and what I wanted him to do about it, which was totally reasonable, but with some additional explanation he agreed to help me file a police report.
Officer Zhang Feng, with ID number 031165, explained to me procedures for taking a statement remotely. We connected on Zoom for a video conference and on Teams for data transfer. He had me look up (specifically using Baidu.com) the phone number of his police station (0731-82587827) and called my phone using that number to validate his authenticity. He informed me that the statement process must not be interfered by a third person or any background noise, which I thought was fair. He asked me to keep my camera on, though he had only shown his face temporarily.
The real pause came when Officer Zhang asked me for my ID. I was subconsciously aware that I was on the phone with a total stranger whose identity I couldn’t entirely trust. I stalled for time and attempted to digitally alter the photo of my passport first, but made the call to believe that I was working with legit law enforcement and sent the real photo. Later on, he sent me an official looking police report, which I (with reservations) signed and sent back.
Then this guy started educating me of various ways people get their private information stolen. At first I thought it was nice PSA despite all those tips were basic even for my kids. Then he started to get repetitive and naggy, to the point I had to ask him to skip all this talk and get to wrap up the report.
At some point, while I was still on the phone, he paged the headquarters with my name, passport number, and requested a lookup. The alarm in my head finally rang as it didn’t smell like reasonable procedural behavior; I was also kicking myself for having shared my real passport data. Minutes later, “headquarters” paged back stating that they had found two accounts in my name, one of which was a bank account associated with financial crime… fuck me…
In the climax of this excessively lengthy exchange, Officer Zhang changed faces from a helpful public servant to a criminal interrogator, using an intimidating voice to accuse me for trying to evade the law or whatever. I suddenly woke up to what had been going on, and simultaneously froze with all sorts of regrets. I gave zero fucks to this new big problem that he was yelling at me about, but sweated about having over-shared my information. What should I say… or do? In realizing that I couldn’t undo anything, I responded to his high-pressure questioning with a calm, “oh I was just thinking about what to say to a scammer like you,” before leaving the Zoom meeting.
“Officer Zhang” tried calling me a couple times on Teams before sending me a “YOU CANNOT ESCAPE THE LAW!!!”
The Reflection
In hindsight, I was really stupid. There were so many signs along the way that should have made it obvious.
First of all… Kaiser Permanente does not sell global travel medical insurance policies. I who have a professional reputation for knowing how Kaiser works should know this better than anyone. Also, as Hong pointed out, how was it possible for a California-based KP agent speak such poor English? I should have hung up within the first two minutes of the call, but I had jumped to the conclusion that my identity had been stolen and Chinese-speaking criminals had been using it to commit fraud. Last year I took the calls from “Walmart”, “AT&T”, and “UHC” (summarized here) with increasing seriousness, and came to believe they were legit in part because none of them tried phishing any information out of me. Thus I was almost unfazed to hear entirely about another fraudulent account in my name… in fact, I was the one who digested the words spoken to me, came to that conclusion, and tried to convince my scammer that it was a case of identity theft. Now I really had no idea if those calls from last year were legit, similar attempts to pull me into a bigger scam, or Inception-esque seeds to warm me up to the identity theft idea in order to pull off this grand finale.
Second, the supposed phone transfer from KP to FTC to a police department in Human was such a fairy tale. I had used FTC’s IdentityTheft.gov and rolled my eyes at how useless it was, so what made me think they’d have a seamless system to help anyone file a report with a foreign law enforcement agency? The swiftness and depth of explanation for the program by “Manager Liu” was so well orchestrated and left me no time to contemplate, and somehow convinced me that “it can’t hurt” to file this report with Changsha even though I wouldn’t bother to try it again with my own hometown police.
Part of the deal here was that “Manager Liu” spoke of many procedural jargon and asked if I understood what he meant. I did not half of the time. I figured that it was because of me being accustomed to the English-speaking world having below-average comprehension of formalities in Chinese. But perhaps it was all part of the art, intentionally overwhelming their prey with garbage information and dulling my sense for reason.
Finally, “Officer Zhang” was even more full of holes. Even before he started the “paging the HQ” stunt, every step of the way had some unreasonable maneuvers. For example, what kind of cops had the time to spend 1+ hour nagging PSA at a foreigner calling from abroad? But like Manager Liu, he regularly sprinkled in details that helped him appear more credible – full name, police ID number, call from a number found on a search engine listing, legit-looking department logo and report form. Even the few seconds when he got on the Zoom call video made him appear believable, though thinking back I suspect it was merely a recorded clip of some real cops. It was fascinating because I did have doubts throughout the whole exchange, but his tactics managed to make me believe more than doubt and stringed me along for so long.
This incident reminded me of an NYT opinion piece written by a cyber crime expert explaining how she fell for a scam and wired a bunch of money to the criminal. The central argument in the essay was that we all need to stop victim shaming people for being stupid, because even the most knowledgeable and vigilant among us could get caught off guard and put in a weakened mental state to logically process what was happening. In sharing the conversation with Hong after hanging up with “Officer Zhang”, she easily identified some of the big holes above that I was somehow unable to see through.
Mental Conclusions
A part of me regrets leaving that conversation as if admitting defeat. I am curious but will never find out what “Officer Zhang” and “Manager Liu” were really after and what they planned to do next. My best guess is that they were to put me in a deep state of panic and intimidate me to wire some fines or fees to avoid prosecution (like… extradite me from California to a third-tier city in China?… :eyeroll:). I also wouldn’t be surprised if they continued playing the long game with lengthy nags and high-pressure interrogation… so who knows how much longer I’d be kept on Zoom if I were to patiently wait for (or actually fall for) their final reveal to take money from me.
What I seriously hope for is that they weren’t really baiting for my passport number, date of birth, or signature. Although I have for years believed that most of this stuff (and more) has been circulating on the dark webs already, knowing that I personally handed them to some criminals is still cringy to no end. I did some research afterwards and confirmed that those pieces of information really can’t be used for much, so that’s a sigh of relief. It’d be a different story if I had given out my SSN.
Like a good student of philosophy, I also questioned myself how I knew “Officer Zhang” wasn’t a real cop. What if, however absurd, there was indeed a bank account in China with my name and a bunch of criminal activities? What if this officer was really doing his job? I thought back to how, before he called from the “official” police station number, he specifically instructed me to look it up on Baidu. I googled that number and came to a phone lookup site. While it did tag the number to Changsha Police, it was labeled as “sourced from the Internet; use caution if you receive an unexpected call from this number”. Even more ironically, the ad on the page claimed to provide a service to help me “recover money from a major scam”. To double check, I looked up the exact police department branch from another website, and saw a completely different phone number. What this meant was that this criminal organization had enough resources to overwhelm Baidu (the Google-equivalent in China) with a fake phone number for an official police station. That’s rather scary.
Seeing how this episode unfolded, though, made me question those calls from “Walmart”, “AT&T”, and “UHC”. Maybe they were all similar scams from the same organization or copycat organizations. If true, it would actually be good news meaning that there hadn’t been any fraudulent accounts under my name, as I was led to believe. Some silver lining, I suppose.
What now?
Nothing. Whether or not my leaking of passport information further empowers these fuckers, there’s simply nothing I could do. It probably doesn’t add any damage to those systematic data breaches that happen to major corporations every few months, anyway. Identity theft and other cyber crimes remain a risk to me as they do everyone else in the world. I’d continue living my life with a healthy balance of alert and pragmatism. This episode made me incrementally wiser, but there’s no point living in fear of the unknown.
The key lesson for me is that we all are more vulnerable than we realize. It’s too easy to read a story in the news or on social media and laugh at the victims being simple-minded, but it’s actually impossible for us to outsmart all those people hiding in the shadows. It’s a humbling thought, and it’s something I learned today.
No Comments